Merge pull request #436 from WalletConnect/hotfix/eip155-signature

[Hotfix] EIP-155 signature fix
WalletConnect · Aug 16, 2022 · 953df6a · 953df6a
2 parents 197c8ec + a1c6e02
commit 953df6a
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 25 deletions.
diff --git a/Example/ExampleApp.xcodeproj/project.pbxproj b/Example/ExampleApp.xcodeproj/project.pbxproj
@@ -1744,7 +1744,7 @@
 			isa = XCRemoteSwiftPackageReference;
 			repositoryURL = "https://github.com/flypaper0/Web3.swift";
 			requirement = {
-				branch = master;
+				branch = "feature/eip-155";
 				kind = branch;
 			};
 		};

diff --git a/Example/ExampleApp.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved b/Example/ExampleApp.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved
@@ -59,8 +59,8 @@
         "package": "Web3",
         "repositoryURL": "https://github.com/flypaper0/Web3.swift",
         "state": {
-          "branch": "master",
-          "revision": "23b6940bbda0769d9147bec6696b33a9fee0b120",
+          "branch": "feature/eip-155",
+          "revision": "92a43a8c279b9df25fe23dd6f8311e6fb0ea06ed",
           "version": null
         }
       }

diff --git a/Package.swift b/Package.swift
@@ -21,7 +21,7 @@ let package = Package(
             targets: ["WalletConnectRouter"]),
     ],
     dependencies: [
-        .package(url: "https://github.com/flypaper0/Web3.swift", .branch("master"))
+        .package(url: "https://github.com/flypaper0/Web3.swift", .branch("feature/eip-155"))
     ],
     targets: [
         .target(

diff --git a/Sources/Auth/Services/Signer/Signer.swift b/Sources/Auth/Services/Signer/Signer.swift
@@ -6,15 +6,17 @@ struct Signer {
     typealias Signature = (v: UInt, r: [UInt8], s: [UInt8])
 
     func sign(message: Data, with key: Data) throws -> Data {
+        let prefixed = prefixed(message: message)
         let privateKey = try EthereumPrivateKey(privateKey: key.bytes)
-        let signature = try privateKey.sign(message: message.bytes)
+        let signature = try privateKey.sign(message: prefixed.bytes)
         return serialized(signature: signature)
     }
 
     func isValid(signature: Data, message: Data, address: String) throws -> Bool {
         let sig = decompose(signature: signature)
+        let prefixed = prefixed(message: message)
         let publicKey = try EthereumPublicKey(
-            message: message.bytes,
+            message: prefixed.bytes,
             v: EthereumQuantity(quantity: BigUInt(sig.v)),
             r: EthereumQuantity(sig.r),
             s: EthereumQuantity(sig.s)
@@ -32,4 +34,9 @@ struct Signer {
     private func serialized(signature: Signature) -> Data {
         return Data(signature.r + signature.s + [UInt8(signature.v)])
     }
+
+    private func prefixed(message: Data) -> Data {
+        return "\u{19}Ethereum Signed Message:\n\(message.count)"
+            .data(using: .utf8)! + message
+    }
 }
diff --git a/Tests/AuthTests/CacaoSignerTests.swift b/Tests/AuthTests/CacaoSignerTests.swift
@@ -7,23 +7,24 @@ class CacaoSignerTest: XCTestCase {
 
     let privateKey = Data(hex: "305c6cde3846927892cd32762f6120539f3ec74c9e3a16b9b798b1e85351ae2a")
 
-    let message: String = """
-            service.invalid wants you to sign in with your Ethereum account:
-            0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2
-
-            I accept the ServiceOrg Terms of Service: https://service.invalid/tos
-
-            URI: https://service.invalid/login
-            Version: 1
-            Chain ID: 1
-            Nonce: 32891756
-            Issued At: 2021-09-30T16:25:24Z
-            Resources:
-            - ipfs://bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq/
-            - https://example.com/my-web2-claim.json
-            """
-
-    let signature = "df33c1bb9d0a7934e6b0861d6286d5d223eb679d059fff89ee03530f30cd8d4a767ad28abdab90268a0052277b43f83b26b45194c2eefc5a46c9de727edc098001"
+    let message: String =
+        """
+        service.invalid wants you to sign in with your Ethereum account:
+        0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2
+
+        I accept the ServiceOrg Terms of Service: https://service.invalid/tos
+
+        URI: https://service.invalid/login
+        Version: 1
+        Chain ID: 1
+        Nonce: 32891756
+        Issued At: 2021-09-30T16:25:24Z
+        Resources:
+        - ipfs://bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq/
+        - https://example.com/my-web2-claim.json
+        """
+
+    let signature = "438effc459956b57fcd9f3dac6c675f9cee88abf21acab7305e8e32aa0303a883b06dcbd956279a7a2ca21ffa882ff55cc22e8ab8ec0f3fe90ab45f306938cfa1b"
 
     func testCacaoSign() throws {
         let signer = MessageSigner(signer: Signer())

diff --git a/Tests/AuthTests/SignerTests.swift b/Tests/AuthTests/SignerTests.swift
@@ -11,16 +11,28 @@ class SignerTest: XCTestCase {
 
     private let message = "Message".data(using: .utf8)!
     private let privateKey = Data(hex: "305c6cde3846927892cd32762f6120539f3ec74c9e3a16b9b798b1e85351ae2a")
-    private let signature = Data(hex: "f7d00a04559bff462f02194874b1ae7d4a8f0461acbe4be73386ebe982a9b9dc599abf31107e1ba708a3ec72499f1fd73dd390c5ca1a3084abe176de0529d00e00")
+    private let signature = Data(hex: "66121e60cccc01fbf7fcba694a1e08ac5db35fb4ec6c045bedba7860445b95c021cad2c595f0bf68ff896964c7c02bb2f3a3e9540e8e4595c98b737ce264cc541b")
     private var address = "0x15bca56b6e2728aec2532df9d436bd1600e86688"
 
     func testValidSignature() throws {
         let result = try signer.sign(message: message, with: privateKey)
 
-        XCTAssertEqual(signature, result)
+        XCTAssertEqual(signature.toHexString(), result.toHexString())
         XCTAssertTrue(try signer.isValid(signature: result, message: message, address: address))
     }
 
+    func testEtherscanSignature() throws {
+        let addressFromEtherscan = "0x6721591d424c18b7173d55895efa1839aa57d9c2"
+        let message = "[Etherscan.io 12/08/2022 09:26:23] I, hereby verify that I am the owner/creator of the address [0x7e77dcb127f99ece88230a64db8d595f31f1b068]"
+        let signedMessageFromEtherscan = message.data(using: .utf8)!
+        let signatureHashFromEtherscan = Data(hex: "60eb9cfe362210f1b4855f4865eafc378bd442c406de22354cc9f643fb84cb265b7f6d9d10b13199e450558c328814a9038884d9993d9feb79b727366736853d1b")
+        XCTAssertTrue(try signer.isValid(
+            signature: signatureHashFromEtherscan,
+            message: signedMessageFromEtherscan,
+            address: addressFromEtherscan
+        ))
+    }
+
     func testInvalidMessage() throws {
         let message = "Message One".data(using: .utf8)!